07-11-2017 04:57 AM
We are looking again at implementing HTTPS for a Geospatial Portal and all the connected web services from WebMap, as well as having authenticated access to the web services. The Portal will have it's own login page.
Has anyone implemented HTTPS for all web services into a HTTPS Portal? Did you have any issues? Can the HTTPS Portal be configured via AdminPortal? Do the certificiates for HTTPS have to be 'proper' or can you use self signed? Thanks,
07-12-2017 05:03 AM
Experiencing the same problem. I can access the Admin console via HTTPS after following this guide but on running the web services and portal application they default back to HTTP. On enforcing https by manually typing it in the url of the web service or portal i get a resource not found error!
Hope someone can chip in and help.
07-12-2017 05:21 AM
I think I have found a solution....for the web services, i have not tested with the portal yet. Edit the web.config file and locate the following:
<serviceBehaviors> <behavior name="SDIProFacadeInterfaceBehavior"> <!--If you plan on using SSL, please switch httpsGetEnabled below to true--> <serviceMetadata httpGetEnabled="true" httpGetUrl="" httpsGetEnabled="true" httpsGetUrl="" /> <serviceDebug includeExceptionDetailInFaults="true" /> </behavior> </serviceBehaviors>
Change httpsGetEnabled to true
<webHttpBinding> <binding name="webHttpBinding"> <!-- If you wish to run the service over HTTPS transport change the mode from None to Transport --> <security mode="Transport"> <transport clientCredentialType="None" /> </security> </binding> </webHttpBinding> <basicHttpBinding> <binding name="basicHttpBinding"> <!-- If you wish to run the service over HTTPS transport change the mode from None to Transport --> <security mode="Transport"> <transport clientCredentialType="None" /> </security> </binding> </basicHttpBinding>
Change the security mode to Transport
Am not quite sure if this is the ideal solution but it worked for me.
07-12-2017 06:22 AM - edited 07-12-2017 06:29 AM
I've only every used self-signed certificates and they work for me.
If instance configuration is necessary after securing the Admin Console the Portal Instances should be set to HTTPS as well to match that of the Admin Console or else there will be a binding mismatch between the Portal Instance (HTTP) and the AdminService of Administration Console (HTTPS) as it is needed for configuration.
I've tried matching the web.config serviceBehaviors of the Portal instance to that of the web.config of the services (as in Elvon example previous) but had no success.
I was able to achieve the same end via IIS with following configuration which may help this discussion
***Assumes secured Admin Console set to Basic Auth
AdminService of AdminPortal of AdminConsole set to allow ‘anonymous’ auth
Portal Instance set to Basic Auth (also works if set to Anonymous)
Portal instance set to Require SSL
Portal instance AdminService allow ‘Anonymous’
07-12-2017 06:46 AM
Ive only had success with self signed certificate as I haven't tried any other method.
After securing the Admin Console (HTTPS) there will be a binding mismatch with Portal instance (HTTP) when attempting to configure the instance. These must match as instance configuration utilizes the AdminService of the Admin Console.
I have tried to match these using serviceBehaviors (as in Elvon example previous) in web.config of Portal instance without success.
I was able to match the bindings with following configuration (essentially same thing as for service) via IIS. It may help this discussion.
***Assumes secured AdminConsole with Basic Auth
07-12-2017 11:22 AM - edited 07-12-2017 11:23 AM
Have you set httpsGetEnabled="true" in service behavior of WMPS?
It would be helpful to see your web.config for the WMPS so we can see for sure what is configured.
07-13-2017 03:58 AM - edited 07-13-2017 04:00 AM
Ok, so I had a typo in my WMPS Web.Config - the service does now return however there is a mix of http:// and https:// in teh response, see attached.
Also, I still cannot configure a HTTPS portal via AdminConsole. The Admin Console Service log shows -
2017-07-13 11:50:41,384  ERROR ErrorHandler [(null)] - The service encountered an unhandled exception
System.ServiceModel.Security.SecurityNegotiationException: Could not establish trust relationship for the SSL/TLS secure channel with authority 'swi-sgiv-gm22'. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
07-13-2017 07:00 AM
The http/https mix is likely tied to the binding settings and I would need to have a closer look before providing a meaningful response.
The configuration of the Portal instance that brings about the trust relationship message is likely tied to the site binding for 443 and it should be reviewed for 'Host Name' setting. Is the 'hostname alias' option from Admin Console in use here?
In either case to better assist you, might I suggest that you open a support ticket(s) with details describing your workflow and your observations/results. There are many variables (IIS settings, web.config parameters, etc.) in this case and it may be tough to provide an effective answer without a more focused investigation of the root cause.